References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

audit: add missing syscalls to read class

The "at" variant of getxattr() and listxattr() are missing from the
audit read class. Calling getxattrat() or listxattrat() on a file to
read its extended attributes will bypass audit rules such as:

-w /tmp/test -p rwa -k test_rwa

The current patch adds missing syscalls to the audit read class.

https://git.kernel.org/stable/c/33cdef7ecf6e5d2cf46a35ec26befce072a1aa07

https://git.kernel.org/stable/c/5632d14b2f2a0ade2d0068e12676ebed67e3bb2a

https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f

https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf

https://git.kernel.org/stable/c/ada4bba3afefee1fa68aa6bd1fd597ea4b11a16e

https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd

https://git.kernel.org/stable/c/ed8efd623a5738e03de09dd74b505d0fb77b09f3

https://git.kernel.org/stable/c/f5d27ad99fcaa7d965b344dd0b00d9413585c3cb

https://www.bencteux.fr/posts/missing_syscalls_audit/